package com.servlet;

import java.io.IOException;
import java.sql.ResultSet;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.model.Student;
import com.model.User;
import com.util.JdbcUtil;

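/**
 * Servlet mapped to {@code /user} that handles signing in ({@link #login}) and
 * signing out ({@link #exit}).
 *
 * <p>NOTE(review): the handler methods are {@code protected} and are never called
 * from this class, so they are presumably dispatched by {@code BaseServlet}
 * (for example on an {@code action} request parameter) - confirm against
 * {@code BaseServlet}.
 */
@WebServlet("/user")
public class UserServlet extends BaseServlet {

    /** Session attribute under which the authenticated {@link User} is stored. */
    private static final String SESSION_USER_KEY = "user";

    /**
     * Creates the servlet; no state is initialised beyond what the superclass sets up.
     *
     * @see HttpServlet#HttpServlet()
     */
    public UserServlet() {
        super();
    }

    /**
     * Signs the current user out and redirects to the login page.
     *
     * <p>The whole session is invalidated instead of only removing the
     * {@code "user"} attribute, so no other per-user state outlives the logout and
     * the old session id stops being valid.
     *
     * @param request  the current request
     * @param response the response used to issue the redirect
     * @throws ServletException declared for the dispatcher contract; not thrown here
     * @throws IOException      if the redirect cannot be written
     */
    protected void exit(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // getSession(false): do not create a session just to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        response.sendRedirect("login.jsp");
    }

    /*
     * An earlier login variant assembled its SQL by concatenating the "username"
     * and "password" request parameters into the statement text, which allowed SQL
     * injection. It was superseded by the parameterized query in login() below and
     * the dead code has been removed; do not reintroduce string-built SQL here.
     */

    /**
     * Authenticates the submitted {@code username} / {@code password} request
     * parameters against {@code tab_user}.
     *
     * <p>On success the matching {@link User} is stored in a fresh session and the
     * browser is redirected to the first page of the student list. On failure the
     * request is forwarded back to {@code login.jsp} with a generic message in the
     * {@code "mess"} attribute that does not reveal which field was wrong.
     *
     * <p>NOTE(review): the query compares the {@code password} column directly with
     * the submitted value, which suggests passwords are stored in clear text -
     * confirm. If so, store a salted password hash (bcrypt/scrypt/argon2) and verify
     * it in code after looking the row up by username only.
     *
     * <p>NOTE(review): nothing here limits repeated failed attempts; consider
     * throttling or lockout and audit logging of failures at this point.
     *
     * @param request  the current request carrying the credentials
     * @param response the response used for the redirect or forward
     * @throws ServletException if forwarding to the login page fails
     * @throws IOException      if the redirect or forward cannot be written
     */
    protected void login(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        List<User> users = null;
        // A missing parameter can never match a row, so skip the database round trip.
        if (username != null && password != null) {
            JdbcUtil jdbc = new JdbcUtil();
            // Bound parameters keep user input out of the SQL text.
            String sql = "select * from tab_user where username=? and password=?";
            users = jdbc.queryPreparedStatement(sql, User.class, username, password);
        }

        // Null-safe: JdbcUtil's behaviour on a failed query is not visible from this file.
        if (users != null && !users.isEmpty()) {
            // Drop any pre-login session so an id that was fixed or observed before
            // authentication is not promoted to an authenticated one (session fixation).
            HttpSession stale = request.getSession(false);
            if (stale != null) {
                stale.invalidate();
            }
            HttpSession session = request.getSession(true);
            session.setAttribute(SESSION_USER_KEY, users.get(0));

            // Redirect rather than forward, so the browser issues a new request for
            // the student list (page 1).
            response.sendRedirect("student?action=query&cp=1");
        } else {
            request.setAttribute("mess", "用户名或密码不正确");
            request.getRequestDispatcher("login.jsp").forward(request, response);
        }
    }

}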
